SQL Basics for SQL Injection


SQLi is the basis of website hacking, as all websites today have a database. Let's learn SQL basics so that the SQLi (SQL injection) techniques used in the following tutorials are easy to understand.

The Database Hierarchy
First of all, there are users, who can have access to multiple databases. A database can have multiple tables, a table can have multiple columns, and the columns hold data in each row.

This is an example database.

Here is an example of the most basic type of Select query.

select * from table1

Output will be:

Where * stands for all the columns and “table1” is the table name.

If, for example, we don't want all the columns but only some selected columns in the output, the query will be:

select column1, column2 from table1

Output will be:

Now let us try some basic conditions to limit the output.

select * from students where id=1

Output will be:

Let's try some other conditions with string type columns.

select * from students where f_name='camaline'

Output will be:

Whenever we are facing a SQL injection, some query like this is running inside the application. Once we can assume what the query is, we can easily start injecting into it. Following are some common possibilities of queries you can face:

[#] If Query is taking any numerical input

select * from table_name where id=1

select * from table_name where id='1'

select * from table_name where id="1"

select * from table_name where id=(1)

select * from table_name where id=('1')

select * from table_name where id=("1")

All the above queries will give the same output.

[#] If Query is taking any string input

select * from table_name where id='1'

select * from table_name where id="1"

select * from table_name where id=('1')

select * from table_name where id=("1")

All the above queries will give the same output.

For example, when we see a URL like “http://fakesite.com/report.php?id=23”, we can easily assume what query may be working inside. That is the first step of SQL injection.

So for the above URL, our assumption queries will be the following:

select * from table_name where id=23

select * from table_name where id='23'

select * from table_name where id="23"

select * from table_name where id=(23)

select * from table_name where id=('23')

select * from table_name where id=("23")
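Seen from the application side, every form above has the URL value written into the SQL text itself, which is what makes the query guessable and injectable. The following is an added example, not code from the original tutorial: it uses Python's sqlite3 module with a constructed reports table (the table, column and function names are assumptions) to show the same lookup with the id validated and passed as a bound parameter instead.

```python
import sqlite3
from urllib.parse import urlparse, parse_qs


def make_db():
    """Build an in-memory database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    # Hypothetical table standing in for the page's "table_name".
    db.execute("create table reports (id integer, title text)")
    db.executemany(
        "insert into reports values (?, ?)",
        [(22, "Q1 summary"), (23, "Q2 summary"), (24, "Q3 summary")],
    )
    return db


def id_from_url(url):
    """Return the id parameter as an int, rejecting anything else.

    Exactly one id value must be present and it must consist only of
    ASCII decimal digits, so quotes, brackets or extra text never get
    past this point.
    """
    values = parse_qs(urlparse(url).query).get("id", [])
    if len(values) != 1 or not (values[0].isascii() and values[0].isdigit()):
        raise ValueError("id must be a single decimal integer")
    return int(values[0])


def fetch_report(db, url):
    """Look up the report named by the URL's id parameter."""
    report_id = id_from_url(url)
    # The SQL text is a constant. The value travels separately as a
    # bound parameter, so it is always treated as data and the choice
    # of quoting or bracketing around it no longer exists.
    query = "select id, title from reports where id = ?"
    return db.execute(query, (report_id,)).fetchall()


if __name__ == "__main__":
    db = make_db()
    print(fetch_report(db, "http://fakesite.com/report.php?id=23"))
```

With this structure, none of the assumption queries listed above describes the statement the database actually receives, because the id is never part of the statement text.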

Well, for this tutorial this is enough. In the next tutorial I will show you how to find the correct query among these assumption queries using some simple tests and confirm it. Once it is confirmed, we will start injecting and understand the whole backend process at the same time.
